Collection agency data breach affects millions of users

News
By
published

Almost two million people lost their sensitive data to hackers

Data leak
(Image credit: Shutterstock)

An American debt collection agency suffered a data breach in late February, losing sensitive data belonging to almost two million people.

Earlier this week, Financial Business and Consumer Solutions (FBCS) sent a data breach notification letter to affected customers, explaining that unauthorized third parties accessed its systems on February 14, 2024, and remained there until being spotted, and ousted, on February 26.

During these two weeks, the unnamed threat actors harvested sensitive information on almost two million people (1,955,385), including full names, social security numbers (SSN), birth dates, account information, driver’s license numbers, and ID card numbers. All affected individuals are U.S. citizens. 

Next steps

There was no word on who the attackers were, how they accessed company infrastructure (whether it was via software vulnerabilities or credential phishing), or if they demanded payment to keep the data private. No hacking groups have taken responsibility for the breach.

Explaining its next steps, FBCS said it will do the usual - analyze the incident, tighten up on security, offer identity protection and credit monitoring to affected individuals and, ironically enough, provide guidance on how to better protect against identity theft and fraud.

“Further, FBCS notified federal law enforcement regarding the event. FBCS is also working to implement additional safeguards in a newly built environment,” the letter reads. 

“FBCS is providing access to credit monitoring services for twelve months, through Cyex, to individuals whose personal information was potentially affected by this incident, at no cost to these individuals. Additionally, FBCS is providing impacted individuals with guidance on how to better protect against identity theft and fraud, including advising individuals to report any suspected incidents of identity theft or fraud to their credit card company and/or bank.” 

More from TechRadar Pro

Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.